ansible_bootstrap/tasks/main.yml

---
# tasks file for ansible_bootstrap
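# Probe the target with `raw`, which needs no Python on the managed host.
# stdout is non-empty only when `uname -a` mentions "Debian"; `||true` keeps
# the task from failing when grep finds nothing. Later tasks branch on
# `debian.stdout`.
# NOTE(review): `uname -a` also prints the hostname, so a non-Debian host whose
# name contains "Debian" would match. Testing for /etc/debian_version would be
# stricter - confirm before relying on this to pick the package manager.
- name: detect debian
  raw: uname -a|grep Debian||true
  register: debian
  # Read-only probe: `raw` otherwise reports "changed" on every run.
  changed_when: false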
# Debian only: install an interpreter through `raw`, since the regular
# modules cannot run on the target until Python is present.
# NOTE(review): no `apt-get update` precedes this, so it depends on the
# target's existing package index; recent Debian releases also appear to have
# dropped the package named `python` - confirm against the supported releases.
- name: install python for debian
  when: debian.stdout
  raw: apt-get install python --assume-yes
# Arch only, and only when a local mirror is configured: insert it as the
# first line of pacman's mirrorlist so it is listed ahead of every other
# server. `$repo` and `$arch` are pacman's own placeholders, not Jinja.
# NOTE(review): the mirror URL is taken verbatim from a variable and becomes
# the first package source; package integrity then rests on pacman's
# signature checking, so keep that enabled (especially for a plain-http mirror).
- name: add local repo to mirrorlist
  become: true
  when:
    - system_arch_local_mirror is defined
    - not debian.stdout
  lineinfile:
    path: /etc/pacman.d/mirrorlist
    insertbefore: BOF
    state: present
    line: "Server= {{system_arch_local_mirror}}/$repo/os/$arch"
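# Arch only: refresh the package databases and upgrade the whole system.
- name: upgrade system for arch
  pacman:
    update_cache: true
    # Together with update_cache, force re-downloads the repo databases.
    force: true
    upgrade: true
    state: latest
  become: true
  # Registered under its own name. A skipped task still overwrites its
  # register variable, so sharing `upgrade` with the Debian task below left
  # only the skipped Debian result on Arch hosts and the reboot never fired.
  register: arch_upgrade
  when: not debian.stdout

# Debian only: refresh the apt cache and run a full upgrade of the packages
# that are already installed.
- name: upgrade system for debian
  apt:
    update_cache: true
    only_upgrade: true
    upgrade: full
    state: latest
  become: true
  when: debian.stdout
  # Keeps the original variable name, so anything that reads `upgrade` later
  # sees the same value as before (this task was always the last writer).
  register: upgrade

# Reboot Arch hosts when the upgrade replaced the `linux` (kernel) package.
# The conditions are evaluated in order and stop at the first false one, so
# `arch_upgrade.packages` is only read when the Arch upgrade actually changed
# something; on Debian the task is skipped before touching it.
- name: Reboot updates to apply
  reboot:
    # Wait up to one hour for the host to come back.
    reboot_timeout: 3600
  become: true
  when:
    - not debian.stdout
    - arch_upgrade is changed
    - "'linux' in arch_upgrade.packages"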
# Install zsh through the distribution-agnostic `package` module, refreshing
# the package lists first (update_cache is handed to the underlying
# package-manager module).
- name: zsh install
  package:
    name: zsh
    update_cache: true
    state: present
# Make sure sudo is installed; the sudoers tasks later in this file call
# `visudo` to validate their edits.
- name: sudoers install
  package:
    name: sudo
    state: present
# Create the regular (non-system) login account with a home directory and a
# fixed uid. Skipped when `sssd_configure` is set to true - presumably the
# account then comes from SSSD; confirm against the rest of the role.
- name: create profil
  when: sssd_configure is not defined or sssd_configure == false
  user:
    name: "{{user.name}}"
    uid: "{{ user.uid }}"
    shell: /bin/bash
    create_home: true
    system: false
    state: present
    # The user module expects an already-crypted hash here, never cleartext.
    # Supply `userPassword` from an encrypted store (e.g. ansible-vault) and
    # keep it out of version control.
    password: "{{userPassword}}"
    # NOTE(review): ssh_key_file is only consulted when generate_ssh_key is
    # enabled, which this task does not set - confirm whether a key pair was
    # meant to be generated here.
    ssh_key_file: .ssh/id_rsa
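# When SSSD is configured, stat the user's home directory while running as
# that user - presumably so the first session creates the home directory;
# confirm how it is provisioned.
# The `is defined` guard mirrors the condition on "create profil": without it
# the comparison raises an undefined-variable error and fails the play on
# hosts where `sssd_configure` is not set at all.
- name: simulate login
  stat:
    path: "/home/{{user.name}}"
  become: true
  become_user: "{{user.name}}"
  when: sssd_configure is defined and sssd_configure == true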
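# Write a per-user drop-in under /etc/sudoers.d, owned by root with mode 0440,
# and let `visudo -cf` reject the edit if the resulting file does not parse.
# NOTE(review): `NOPASSWD:ALL` gives this account unrestricted root without a
# password prompt; narrow the command list or drop NOPASSWD unless the
# automation account really needs it.
# NOTE(review): sudo skips files in sudoers.d whose name contains a '.' or
# ends in '~', so a `user.name` such as "john.doe" yields a drop-in that is
# silently ignored - confirm the naming scheme.
- name: set sudoers right
  lineinfile:
    dest: "/etc/sudoers.d/{{user.name}}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    create: true
    owner: root
    group: root
    mode: "0440"
    validate: 'visudo -cf "%s"'
  with_items:
    # regex_escape keeps characters such as '.' or '+' in the user name from
    # being read as regex metacharacters and matching another user's line.
    - regexp: '^{{ user.name | regex_escape }}\s'
      line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"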
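# Make sure the main sudoers file pulls in /etc/sudoers.d, validating the
# edited file with `visudo -cf` before it replaces the original.
# The pattern also matches the `@includedir` spelling that newer sudo releases
# write, so the directory is not included a second time; such a line is
# rewritten to the `#includedir` form. The dot in "sudoers.d" is escaped so it
# only matches a literal dot.
- name: Ensure /etc/sudoers includes /etc/sudoers.d
  lineinfile:
    dest: /etc/sudoers
    regexp: '^[#@]includedir\s+/etc/sudoers\.d$'
    # Quoted on purpose: an unquoted leading '#' would start a YAML comment.
    line: "#includedir /etc/sudoers.d"
    state: present
    validate: 'visudo -cf "%s"'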
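# Authorise a public key for the user's SSH logins.
# `lookup('file', ...)` reads the file on the control node, not on the managed
# host, so the key installed is whatever sits at that path on the machine
# running Ansible - confirm that is the intended key.
# The path is built by concatenation: "{{ }}" cannot be nested inside another
# expression, where the inner braces are just literal text in the file name.
- name: Set authorized key taken from file
  authorized_key:
    user: "{{user.name}}"
    state: present
    key: "{{ lookup('file', '/home/' ~ user.name ~ '/.ssh/id_rsa.pub') }}"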